Lock

Search | CMS Information Security and Privacy Program

General Information
Security and Privacy Requirements for IT Procurements
Information and templates to ensure federal security standards are met when acquiring new IT products or services at CMSWhat are the security and privacy requirements for IT procurements …
Policy Documents
CMS Cyber Risk Management Plan (CRMP)
A plan that defines the overarching strategy for managing risk associated with the operation of CMS FISMA systems. Introduction The Centers for Medicare & Medicaid Services (CMS) operates …
Policy Documents
CMS Privacy Program Plan
A plan designed to help CMS staff understand the specific requirements of the Privacy Program at CMS Privacy program at CMS Use and disclosure As authorized …
General Information
CMS Information Security Advisory Board (CISAB)
A volunteer board comprised of ISPG staff and the ISSO community designed to promote collaboration on cybersecurity and privacy issuesWhat is the CMS Information Security Advisory Board (CISAB)? The …
General Information
Ongoing Authorization (OA)
Supporting the continuous compliance and safety of FISMA systems through proactive, ongoing monitoring activitiesWhat is Ongoing Authorization (OA)? All FISMA systems must be …
Tools / Services
ISSO As A Service
ISPG program that provides skilled Information System Security Officers (ISSOs) to CMS components in need of professional security and privacy supportWhat is ISSO As A Service (ISSOaaS)? Information System Security …
General Information
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Summary of HIPAA and its policies, and their implications for ISPGHow does HIPAA apply at ISPG? The Health Insurance Portability …
General Information
Role Based Training (RBT)
Required training at CMS to ensure that federal staff and contractors have the security and privacy knowledge and skills needed for their roleWhat is Role Based Training (RBT)? Role-Based Training (RBT …
General Information
Email Encryption Requirements at CMS
Summary of email encryption practices required by federal policies and directives that help CMS employees keep sensitive information safeWhat is considered “sensitive information”? CMS sensitive information is any …
General Information
Breach Response
The steps taken at CMS in response to a suspected breach of personally identifiable information (PII)Protecting sensitive information at CMS CMS systems contain the personal …

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policies and Guidance

Federal Policies and Guidance

Application Security

Security Operations

Risk Management and Reporting

Agreements

Privacy Activities

Privacy Resources

Reporting & Compliance

System Security

Tests & Assessments

Search Results

Web results with site links

Security and Privacy Requirements for IT Procurements

CMS Cyber Risk Management Plan (CRMP)

CMS Privacy Program Plan

CMS Information Security Advisory Board (CISAB)

Ongoing Authorization (OA)

ISSO As A Service

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Role Based Training (RBT)

Email Encryption Requirements at CMS

Breach Response